Active Defence: Adapting cyber defences to the threat

Compliance has become the comfort zone, but real security remains distant

Despite an increasing focus on securing businesses that are increasingly “going digital”, IT departments are struggling to keep pace with recent advances in security technology. This week IT professionals are descending upon the 18th Infosecurity Europe event with the hope of gaining better insights into how they can secure their IT infrastructure.

Enterprises know that endpoint security is not enough, but the move to active defence has not yet taken hold on a broad scale. Although these technologies are maturing rapidly and communities are forming to expose risks, the biggest barrier is slow adoption of solutions that already exist. IT’s primary challenge is to stay up to date with best practices in security while getting smarter about the new active-defence possibilities, and being realistic about the journey ahead. Adopting an active cyber defence is one of the key trends identified in the 2013 Accenture Technology Vision.

The information security landscape has become an intimidating and confusing place. It is harder for enterprises to keep everything in order: potential IT attack points keep expanding across more devices, more systems, more people, more partners, and broader infrastructure. Extensions to the enterprise, such as cloud and mobility, have created new places for hackers to probe.

Threat levels are increasing as sophisticated, targeted forms of cyber-attacks emerge. Governments and organised crime groups are on the list of hackers, while “hacktivists” and lone-wolf operators are becoming more dangerous. Furthermore, legacy systems that were never designed for a connected world have been brought online, opening up additional points of vulnerability.

While some alert enterprises are striving to stay abreast of new advances in security, many others are now further behind than they were a year ago. Compliance has become the comfort zone, but the security “model” based on adherence to standards is flawed, largely as a consequence of rapid innovation in IT. Standards simply can’t evolve fast enough to keep pace. Essentially, enterprises’ default mode is perimeter protection when it should be proactive and analytical, and isolationism when it should be integration.

The key to mastering risk and analysing the big security picture for an enterprise lies in understanding the business processes and the strategic assets that it is trying to protect. If a business can’t figure out what should be happening, it’s hard to say when someone is doing something “wrong.”

Automation can play a big role here. Ideally, IT should be able to deploy security solutions and architectures that will, like human reflexes, respond instinctively to the growing speed, scale, and variety of attacks. The growing attack surface supports the case for automated capabilities that detect, assess, and respond to threats immediately.

To cope with these new higher-order security challenges, IT leaders should develop a second line of defence by leveraging analytics-driven security concepts, enabled by data platforms, to design, implement, and run systems that shift the security emphasis from monitoring to understanding, and from collection of data to visualisation of behaviours and anomalies.

Analytical approaches that harness the power of big data allow security to handle large volumes of fast-changing data, orders of magnitude greater in scale than traditional log analysis. They will also make it easier to harness new forms of data from the unstructured world, opening up fresh opportunities for security analysis. These platforms will help organisations acquire a new understanding of their risk landscapes, explore their data in new ways, and create more timely detection and responses to improve the confidence of the business.

Integration must extend between IT and the business. Information security has migrated to the CEO’s priority list; aside from the obvious business risks of having substandard security systems, the fact is that many more business users are increasingly able to compromise security, knowingly or not. Yet they are also ideally placed to improve it by collaborating with IT to protect the business.

While IT leaders trawl the halls of the Infosecurity event, hearing from security vendors who promise to solve all their security woes, they need to remember that there is no “silver bullet” technology. There never will be. No one tool, no matter how capable, can handle the scope, scale, and complexity of the information security challenges of today and tomorrow.

The real advantage lies in successfully integrating solutions and approaches—based on a holistic security architecture—and ensuring that the architecture remains flexible enough to deal with the continual flux in security requirements.

Posted by Paul Daugherty, chief technology officer at Accenture
